Hi there,
Could any experienced CF\CIS user please help me with the following issues?
The first 2 interest me particularly.
1:
I don’t think so, but is it possible to create this kind of behaviour inside CF?
Allow TCP and UDP connections (In and Out) on some ports only for certain applications, but at the same time block all other TCP and UDP connections on those ports when those apps are not involved.
I know the order in which CF processes Inbound and Outbound connections, and I supposed after a lot of trying that this kind of rule is not possible inside Comodo.
I’ll detail for some p2p programs.
I want to block all In/Out connections on TCP and UDP ports from 1025-65535 (and maybe other small-number ports), but at the same time I want my p2p programs (BitComet and eMule) to be able to transfer data using TCP and UDP (In/Out) on ANY ports from the range 1025-65535.
Limiting the range of ports used by the p2p programs would be almost the same thing.
I want this because these p2p programs use aggressive techniques for connecting to other users, that is, they use more or less random ports each time and use a lot of ports if many connections are established.
So they use both TCP and UDP and I can’t predict which ports are going to be used, even if you specify a certain port inside the p2p application.
The only solution I see is to create a custom profile that is active when using a p2p client (and not be able to block everything), and another more restrictive profile that you apply when not doing any p2p transfer.
2:
If you choose to log certain connections, for example “Block all TCP”, Comodo Firewall captures/logs the transfers from other IPs to other IPs, all different from my IP, i.e. it captures other connections too, not just those that involve my machine.
Wireshark, in default mode, doesn’t log/capture transfers between other IPs different from yours.
Is this logical, or normal for a firewall?
3:
Does anyone know why the Comodo team implemented the rule-checking mechanism this way, creating a list for Applications and a list of General Rules, instead of combining both into one and parsing the rules (for In and Out traffic) from top to bottom every time?
4:
What do you think of this problem I found with some type of overlapping rules, but only when defining a range of IPs, not when using the Any IP choice?
If I create an Allow rule and a Block rule with a smaller range below the first one, then the corresponding connections are blocked instead of being allowed.
I use CF 3.0.25.
The rules are:
Allow and Log TCP Out From IP In [ My IP Range ] To IP Any Where Source Port Is Any
And Dest Port Is In [1025-65535]
Block and Log TCP Out From IP In [ My IP Range ] To IP Any Where Source Port Is Any
And Dest Port Is 443
The first one is at the top of the global rules.
They are just some test rules, but I think the Allow rule should have priority out of the 2 overlapping rules, because it is on top.
If I use Any instead of My IP Range the connections are allowed.
5: (Just a thought)
As posted here:
https://forums.comodo.com/frequently-asked-questions-faq-for-comodo-firewall/how-to-understanding-creating-network-control-rules-properly-t1125.0.html the rule using [ “In/Out” when both the destination IP and source IP ranges are not both set to “Any”] doesn’t usually make sense, but can be created inside the firewall.
Thanks.
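Added illustration (my own code, not part of the thread and not Comodo's implementation): a toy first-match rule evaluator that walks a single top-to-bottom rule list, the layout issue 3 asks about. It assumes "My IP Range" is the constructed prefix 192.168.1.0/24, uses constructed application names and documentation-range IPs, and treats everything not matched by any rule as blocked. Running it over the two rules quoted in issue 4 shows which rule a port 443 connection actually hits, and the second list expresses the per-application port allowance from issue 1 by placing application-specific allow rules above a catch-all block on the same port range.

```python
"""Toy first-match firewall rule evaluator (added example, not Comodo's code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    app: str        # process owning the socket ("unknown" when not attributable)
    direction: str  # "in" or "out"
    proto: str      # "tcp" or "udp"
    src: str
    dst: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "block"
    direction: str = "any"
    proto: str = "any"
    app: str = "any"             # "any" = applies regardless of application
    src_net: str = "0.0.0.0/0"
    dst_net: str = "0.0.0.0/0"
    sports: tuple = (1, 65535)   # inclusive source port range
    dports: tuple = (1, 65535)   # inclusive destination port range
    log: bool = False

    def matches(self, pkt: Packet) -> bool:
        """Every field of the rule must match for the rule to fire."""
        return (
            self.direction in ("any", pkt.direction)
            and self.proto in ("any", pkt.proto)
            and self.app in ("any", pkt.app)
            and ip_address(pkt.src) in ip_network(self.src_net)
            and ip_address(pkt.dst) in ip_network(self.dst_net)
            and self.sports[0] <= pkt.sport <= self.sports[1]
            and self.dports[0] <= pkt.dport <= self.dports[1]
        )


def evaluate(rules, pkt: Packet, default: str = "block"):
    """Strict top-to-bottom first match: the first rule that matches decides.

    Returns (verdict, index of the deciding rule) or (default, None) when no
    rule matches at all.
    """
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return default, None


# Issue 4's two global rules; "My IP Range" is the constructed 192.168.1.0/24.
ISSUE4_RULES = [
    Rule("allow", direction="out", proto="tcp", src_net="192.168.1.0/24",
         dports=(1025, 65535), log=True),
    Rule("block", direction="out", proto="tcp", src_net="192.168.1.0/24",
         dports=(443, 443), log=True),
]

# Issue 1 expressed as one combined list: application allows above a catch-all
# block on the same port range (application names are constructed labels).
P2P_RULES = [
    Rule("allow", app="bitcomet", dports=(1025, 65535)),
    Rule("allow", app="emule", dports=(1025, 65535)),
    Rule("block", dports=(1025, 65535)),
]


if __name__ == "__main__":
    tests = [
        (ISSUE4_RULES, Packet("browser", "out", "tcp", "192.168.1.10", "203.0.113.5", 51000, 443)),
        (ISSUE4_RULES, Packet("browser", "out", "tcp", "192.168.1.10", "203.0.113.5", 51000, 8080)),
        (P2P_RULES, Packet("bitcomet", "in", "udp", "198.51.100.9", "192.168.1.10", 40000, 50000)),
        (P2P_RULES, Packet("unknown", "out", "udp", "192.168.1.10", "198.51.100.9", 40000, 50000)),
    ]
    for rules, pkt in tests:
        print(pkt.app, pkt.direction, pkt.proto, pkt.dport, "->", evaluate(rules, pkt))
```

In the issue 4 list a destination port of 443 lies outside 1025-65535, so under these semantics only the Block rule can match it; a port such as 8080 is decided by the Allow rule above. In the combined list, a packet on port 50000 is allowed or blocked purely by which application owns it, which is the behaviour issue 1 asks for when both application and global rules are folded into one ordered list.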